VYPR
Unrated severityNVD Advisory· Published Dec 10, 2024· Updated Dec 10, 2024

PenDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal

CVE-2024-55602

Description

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (../) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pwncollege/Pwndocllm-create2 versions
    < 1d4219c596f4f518798492e48386a20c6e9a2fe6+ 1 more
    • (no CPE)range: < 1d4219c596f4f518798492e48386a20c6e9a2fe6
    • (no CPE)range: < 1d4219c596f4f518798492e48386a20c6e9a2fe6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.